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Realtek RtsPer/RtsUer Card Reader Driver Vulnerability 
(CVE-2022-25476/CVE-2022-25477/CVE-2022-25478/CVE-2022-25479/CVE-2022-25480) 


Release Date 
2022/05/05 


Affected Projects È VE 
Realtek RtsPer driver for PCIe Ww È 
Realtek RtsUer driver for USB C eader NY 


Affected Versions G yy, 
RtsPer.sys ve 0.22000/2 1354 and below 


RtsUer.sys version 40.0.22000.31273 and below 


CVE ID 
CVE-2022-25476 


CVE-2022-25477 

CVE-2022-25478 

CVE-2022-25479 È 
CVE-2022-25480 NY 
Description “OS 


driver: 


1. Input data from usennnode is not properly validated and could lead to a system crash. 
2. Exposing kernel stack or pool memory to non-administrator user. 
3. Access to arbitrary PCI config from a non-administrator user. 


4. Access to device specific IO space and config registers from a non-administrator user. 
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Vulnerability Type 
System Crash 
Gain Privileges 


Kernel Memory Leak 


Attack Type 


Local 


Security Risk È 
r “V 
d G 


Patch 
RtsPer v10.0.22000 


RtsUer v10.0.2 


HH # 
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